The present invention relates to a public certificate for verifying a signature to an electronic procedure received by a certain terminal in a public key infrastructure (hereinafter also referred to as “PKI”), and technology suitable to determine whether the public key certificate is valid.
In the public key infrastructure, when transmitting electronic data such as electronic documents, a transmitter's electronic signature and a public key certificate issued from a certificate authority are attached to the target electronic data. By confirming the validity of the electronic signature (hereinafter referred to as “signature”) attached to received data and the public key certificate, the recipient confirms that the transmitted electronic data is not tampered, and is transmitted from the correct transmitter. The issuance and the confirmation of the validity of public key certificates are performed in the public key infrastructure, and the standard specifications are stipulated in RFC5280 (Internet X.509 Public Key Infrastructure Certificate and CRL Profile) and the like.
A public key certificate, when its descriptions have been changed before the public key certificate expires, is revoked and invalidated by a certificate authority that issued the public key certificate. Accordingly, the recipient determines whether the received public key certificate is revoked when confirming its validity.
For the determination of revocation, a certificate revocation list (hereinafter referred to as “CRL”) issued from a certificate authority is used. The CRL includes the name (issuerName) and key information (authorityKeyIdentifier) of the certificate authority, the serial numbers (userCertificate) of revoked public certificates of those not expiring that were issued from the certificate authority, CRL validity period, and other information. The CRL is added with a signature of the certificate authority, and is periodically issued by the certificate authority. The recipient acquires the CRL from the certificate authority, and determines whether the serial number of a public key certificate added to received data is written in the acquired CRL. When the serial number is written in the CRL, the recipient determines that the public key certificate is revoked and invalid, and when not written, determines that the public key certificate is valid.
However, when there are a large number of public key certificates issued from certificate authorities, and many revoked public key certificates, the capacity of the CRL becomes enormous. Therefore, there is a problem in that recipients who receive electronic data added with a public key certificate require much time to acquire the CRL, and also much time to confirm the validity of the public key certificate. To address this problem, there is a service (hereinafter referred to as “validation server”) that online receives requests to determine whether public key certificates are revoked, and responds to the confirmation requests. Its standard specifications are prescribed in “The Internet Engineering Task Force (IETF), X.509 Internet Public Key Infrastructure Online Certificate Status Protocol OCSP (RFC2560), and page 2 “2.1 Request” “2.2 Response”.
The validation server periodically captures CRLs issued from certificate authorities and receives revocation confirmation requests (hereinafter referred to as “validation requests”) of public key certificates from terminals (hereinafter referred to as “terminal equipment”) used by recipients who confirm the revocation of public key certificates. The validation requests include information (CertID) for identifying a verification target certificate (a public key certificate to be verified). The information (CertID) for identifying a verification target certificate includes a hash algorithm (hashAlgorithm) used by terminal equipment, the name information (issuerNameHash) and key information (issuerKeyHash) of a certificate authority that issued the verification target certificate, and the serial number (serialNumber) of the verification target certificate. The name information (issuerNameHash) and key information (issuerKeyHash) of a certificate authority are generated by respectively subjecting the name data (issuerName) and key data (authorityKeyIdentifier) of the certificate authority to hash calculation by a hash algorithm used by the terminal equipment.
On receiving the validation request, the validation server checks whether the serial number of the verification target certificate is written in the CRL captured previously, and transmits information indicating whether the public key certificate being the verification target certificate is revoked, to the terminal equipment. The response message (hereinafter referred to as “validation result”) transmitted from the validation server to the terminal equipment includes information indicating whether the status of the verification target certificate is valid (good), revoked, or unknown. Furthermore, the signature and certificate (hereinafter referred to as “validation server certificate”) of the validation server that has performed the verification are added to a validation result so that the user of the terminal equipment can confirm that the validation result has been transmitted correctly by the validation server.
The CRL contains all the serial numbers of public key certificates revoked at the time when the certificate authority created the CRL.
There can occur a case where plural certificate authorities are operated, a certificate authority that issued a public key certificate attached to electronic data by a transmitter differs from a certificate authority used by a recipient, and the recipient cannot confirm the validity of the transmitter's public key certificate. In such a case, a technology for allowing the validation server to address plural certificate authorities is disclosed in JP-A No. 2002-139996.